Bluetooth On A Mobile Phone - Warning

[astral]

WARNING

If you use the Bluetooth facility on your phone to receive data, then you need anti-virus software.

I friend passed his phone to me as it was resetting, powering on an off every 2 minutes.

Now on a PC this is usually caused by a virus and it was the case here.

Very difficult to get rid of.

The phone would reset before a virus scan could be completed.

An added difficulty was the distinct lack of trial versions of AV software for phones, on the web.

I ended up taking the phone to a shop to have the virus removed.

[croftrobin]

Very Very Highly Unlikely.

Can you provide more specific, rather than alarming, information? e.g. the name of the virus, type of phone, how did they remove the virus and what AV software is now on the phone?

I know many people in Europe and here in Asia who now use Bluetooth connections from laptops and PC's to mobile phones for their GPRS internet access.

In these cases the phone just is acting as a modem, and it is essential that you have AV and Firewall software on your pc and laptop. - As standard for any connection nowadays.

If an attack from another Bluetooth device caused the problem on the phone then the details will be seen on the connectivity menu. In the connectivity history.

If you are in a public place and a request on your phone says "Do you wish to connect to XXXX" then you should deny access and then go into your telephone's connectivity menu and switch off visibility.

Then your phone will be invisible. But any devices you have already paired with, will keep their connections.

I think that the problem was more a faulty or corrupt phone's eeprom (often seen with as white screen of death on Sony phones, constant reboot on Nokia's) rather than than a virus.

Many phones nowadays do not like to have their battery flattened (or even run down to less than 10%)

The phones have now so much info to save when they are switched of, that it takes time, just like your PC.

If the battery dies there is a very good chance that you will corrupt the volatile memory before it is written to the eeprom.

The only solution (And I have had to do this on my kids Sony Phones) is reflash the Eeprom. You can do this online and costs about 5 Euros.

WARNING

If you use the Bluetooth facility on your phone to receive data, then you need anti-virus software.

I friend passed his phone to me as it was resetting, powering on an off every 2 minutes.

Now on a PC this is usually caused by a virus and it was the case here.

Very difficult to get rid of.

The phone would reset before a virus scan could be completed.

An added difficulty was the distinct lack of trial versions of AV software for phones, on the web.

I ended up taking the phone to a shop to have the virus removed.

[sensei]

Very Very Highly Unlikely.

Can you provide more specific, rather than alarming, information? e.g. the name of the virus, type of phone, how did they remove the virus and what AV software is now on the phone?

I know many people in Europe and here in Asia who now use Bluetooth connections from laptops and PC's to mobile phones for their GPRS internet access.

In these cases the phone just is acting as a modem, and it is essential that you have AV and Firewall software on your pc and laptop. - As standard for any connection nowadays.

If an attack from another Bluetooth device caused the problem on the phone then the details will be seen on the connectivity menu. In the connectivity history.

If you are in a public place and a request on your phone says "Do you wish to connect to XXXX" then you should deny access and then go into your telephone's connectivity menu and switch off visibility.

Then your phone will be invisible. But any devices you have already paired with, will keep their connections.

I think that the problem was more a faulty or corrupt phone's eeprom (often seen with as white screen of death on Sony phones, constant reboot on Nokia's) rather than than a virus.

Many phones nowadays do not like to have their battery flattened (or even run down to less than 10%)

The phones have now so much info to save when they are switched of, that it takes time, just like your PC.

If the battery dies there is a very good chance that you will corrupt the volatile memory before it is written to the eeprom.

The only solution (And I have had to do this on my kids Sony Phones) is reflash the Eeprom. You can do this online and costs about 5 Euros.

WARNING

If you use the Bluetooth facility on your phone to receive data, then you need anti-virus software.

I friend passed his phone to me as it was resetting, powering on an off every 2 minutes.

Now on a PC this is usually caused by a virus and it was the case here.

Very difficult to get rid of.

The phone would reset before a virus scan could be completed.

An added difficulty was the distinct lack of trial versions of AV software for phones, on the web.

I ended up taking the phone to a shop to have the virus removed.

Yet another mobile phone myth-Busted!

Thanks croftrobin!

[Farma]

Could it be this one?

http://www.symantec.com/security_response/...-99&tabid=2

SymbOS.Cabir

Risk Level 1: Very Low

Discovered: June 15, 2004

Updated: June 15, 2004 4:15:27 AM

Type: Worm

Systems Affected: Symbian OS

SymbOS.Cabir is a proof-of-concept worm that propagates through Bluetooth-enabled devices. The worm runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.

When the worm is executed, it displays one of the following messages:

* Caribe-VZ/29a

* Caribe

* Mytiti

* [YUAN]

* Ni&Ai-

The worm then creates the following files on the device:

* \SYSTEM\APPS\CARIBE\CARIBE.APP

* \SYSTEM\APPS\CARIBE\CARIBE.RSC

* \SYSTEM\APPS\CARIBE\FLO.MDL

* \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.APP

* \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.RSC

* \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.SIS

* \SYSTEM\RECOGS\FLO.MDL

* \SYSTEM\INSTALLS\CARIBE.SIS

Possible presence of the following files:

* MYTITI.SIS

* [YUAN].SIS

* Ni&Ai-.SIS

* Norton AntiVirus 2004 Professional.sis

The worm then begins scanning for other Bluetooth-enabled devices to send itself to. The worm will attempt to send itself to any Bluetooth devices. The worm will execute every time the device is powered off and back on.

[sbk]

Yup, my nephew had this virus on a used phone he bought. And the phone shut itself off regularly. Once the virus was removed, the phone worked fine. There were no hardware issues.

www.infosyncworld.com/news/n/5835.html

Named CommWarrior.a, the new virus attacks smartphones running the Symbian OS based Series 60 platform, replicating over both MMS and Bluetooth.

Symbian OS anti-virus specialist SimWorks announced today that it has identified the first virus targeting the platform that is capable of spreading itself via MMS messages. Using MMS, the CommWarrior.a virus, as SimWorks have named it, can instantaneously send itself to any MMS compatible mobile phone in the world, yet only infects those based on Symbian OS platforms.

Multimedia Message Service (MMS) is a more advanced version of the Short Message Service (SMS) familiar to users of GSM based handsets around the world, and allows rich content such as pictures, sounds, video, and applications to be sent as well as text.

Affecting Series 60 smartphones based on Symbian OS 6.1 or newer, such as the Nokia 3650, 6600 and 6630, the virus does not affect devices running on the UIQ platform, such as the Sony Ericsson P900/P910 and Motorola A925/A1000. Scanning the infected phone's address book, CommWarrior periodically sends MMS messages to randomly selected contacts, including a copy of itself and one of several predefined text messages designed to encourage the recipient to install the application.

"With MMS messages typically costing between $0.25 and $1.00 CommWarrior could prove expensive to anyone unlucky enough to be infected by it. As the virus runs silently in the background it could be quite some time before the user becomes aware of the potentially hundreds of MMS messages that have been sent," said Aaron Davidson, CEO of SimWorks.

Unlike many recent proof-of-concept mobile viruses, SimWorks also said it had received a report of CommWarrior in the wild which it is seeking to confirm.

In addition to using MMS, CommWarrior also attempts to infect nearby devices by means of Bluetooth, similar to other recent viruses targeting the Symbian OS platform. According to SimWorks, CommWarrior is the first mobile virus to use such a two-pronged distribution strategy, which the company said may allow much faster and more geographically widespread infection of vulnerable devices.

As has been the case with past viruses targeting the Symbian OS platform, however, users are still required to accept the installation of the virus whether receiving it via Bluetooth or MMS, which in conjunction with limited MMS interoperability amongst mobile network operators could contribute to slowing down the spread of the virus.

Yes, you do have to choose to install it but how many people's computers get infected by this very same sort of behavior?

[astral]

Very Very Highly Unlikely.

Can you provide more specific, rather than alarming, information? e.g. the name of the virus, type of phone, how did they remove the virus and what AV software is now on the phone?

Scoff at your peril. The reality is alarming.

No myth here

Modern mobile phones are small computers running the Windows or Symbian OS and are just as prone to virus

infection as your PC.

I am not talking about using the phone as a modem, but swapping files between phone, the way youngsters do.

In this case the phone was a Nokia 6630, but all the modern Nokia, e.g. N-series, use the Symbian OS.

I first removed the memory card from the phone and scanned it on my PC.

Avast picked up 30-40 copies of the same virus, in virtually every folder on the card.

I am sorry I did not note the name.

I then loaded Zebra Antivirus. http://www.download.com/Zebra-VirusCleaner...4-10772736.html

This software found the same virus in the phone memory.

The problem was that the phone reset before the scan completed.

At this point I handed the phone to a shop who removed the virus with McAfee.

[DamianMavis]

Yet another mobile phone myth-Busted and unbusted!

Thanks Astral!

HA!

Damian

[Thanh-BKK]

Hi there

There is no myth - i have personally fixed phones that were infected with viruses and i have been on the receiving end of such viruses - wondering how my computer would pop up messages "infection found" every couple of minutes despite it not doing anything? The culprit was the active bluetooth connection and the neighbour's infected Nokia that kept sending a file to my computer, which of course denied it and warned me of the virus

SYMBIAN powered devices are hit the hardest - Nokia's S60 platform and others that happen to run the same system. The viruses do all kinds of things - from displaying a funny logo to outright bricking the phone (by disabling the menu icons and leaving the user with nothing but the keypad), some even are targeting pre-paid users by auto-sending SMS or MMS in a hidden process (the user doesn't see it!) to overseas numbers until the credit is used up. There are variants that are coded with bugs on purpose so that all they do is execute themselves, hit the bug, crash and reboot the phone - that process repeats endlessly.

What they have in common is their way of propagation - via Bluetooth. The virus has the phone seeking other Bluetooth-enabled devices and, once found, skips the pairing and starts sending itself to that device. The receiving user is fooled into thinking he is receiving a picture, mp3 or video file - or an anti-virus program (!). All of them need to be installed manually - so yes, the receiving user MUST click "yes" to install it, but experience shows - many think that even a picture needs to be "installed".

Fixing these infections on Symbian 6.x, 7.x and 8.x is easy - one needs a file manager and simply browse the c: drive for files that are not supposed to be there. Finding and deleting those is one thing, making sure re-infection doesn't happen isn't as easy - the virus can hide itself in many folders under many names, and upon access to such file (funny.jpg for example) the process is repeated. Also, if there is no file manager on the phone, some viruses actively prevent installation of new Symbian applications so file managers or anti-virus programs can't be installed easily.

Therefor the FIRST application ANYONE should install on a Symbian phone is a decent file manager. I can recommend FExplorer which is free and excellent. I do NOT recommend an anti-virus software - some of them (Symantec particularly) do on the phone as they do on the computer - make it start up very slow and make everything sluggish, also they may interact badly with other installed software (my Nokia 3230 would not start at all with Symantec on it because it interfers with another application called FSCaller).

Next recommendation - keep Bluetooth OFF whenever it is not really needed. And if it has to be ON, make sure your phone is in "Non-discoverable" mode and paired to the devices you need to use it with (headset, laptop etc). That was my fault with my computer - it was discoverable, which is how neighbour's phone could zero in on it.

Next recommendation - if you have NOT asked for a file to be sent to you, do NOT accept one that is received! And even IF you asked your friend to beam you that mp3, check first that the file IS an mp3! If it asks to install something, "cancel" and delete the received file from your messages inbox!

LAST recommendation - avoid using a Symbian phone in first place. I found that a Sony-Ericsson K750i has more features ex-factory than my Nokia 3230 with all sorts of software installed (and paid extra for)! And the SE can also install and run extra stuff - but only JAVA based apps which have no access to system resources and hence can not damage anything. Plus it runs a lot snappier than the Nokia - Symbian is sluggish by nature, somewhat.

By the way NEWER Symbian devices run on version 9.x, those are considred safer as here, too, software does not have access to crucial system files or folders, i.e. a virus can not install itself onto drive c: but only in a specific "user area". But as coders have already cracked the protection in order to offer file manager software (which otherwise would not run on such phones either!) it can't take too long for the first viruses to arrive on such platforms too.

And Windows-phones? They happily run every nasty that a Windows-computer runs, so avoid them like the plague - or shell out that extra $$ for anti-virus software and run it at all times.

iPhone? Rather safe as it runs a BSD-based OS and as we all know, virus coders are too lazy to write nasties for that kind of platform. So far!!

Best regards....

Thanh

[Crushdepth]

It's not a myth - there are a number of mobile viruses that affect mobile phones and spread by bluetooth. They are also fairly common in Bangkok - if you go to a nightclub or somewhere else that's crowded you will probably come across one. As far as I know they can only infect smartphones (eg Series 60 Nokias). The problem with them is that they run your battery down quickly by continuously trying to broadcast and also hog the bluetooth connection so its hard to use it for any other purpose. You don't need antivirus software on your phone though - just don't accept/save any strange messages that pop up on your phone, and you won't get it.

A while back I installed Antivir on my lap top, and it picked up a mobile phone virus being broadcast from an infected phone - the owner was having lunch at a table outside my office!

[astral]

I know I started on the BlueTooth tack,

but what about when you start using the web browser function of the phone????????

Surely you need anti-virus then?

[stumonster]

I thought I might weigh in on this thread also.

I quite like the s60 OS for the nokia phones , the sony erricsons use a version called UIQ.

back in 2004 when the cabir virus came out most people did not understand that their phones had bluetooth enabled and visible by default , but still this was not a problem if they did not just accept any request - though some of the older nokias and sony erricsons would auto accept , do a search on bluejacking to find out the phone models that did auto accept.

back in 2004 the virus/worm would just attempt to send itself via bluetooth to any other phones it could see.

you should only make your bluetooth devices visible when you are pairing and then ones you have paired set to hidden again.

this will not give you absolute protection , but unless the attacker is a genius at bluesnarfing you are not at risk - if your contact list is that valuable don't store it on a phone with bluetooth turned on.

[nikster]

There are BT viruses out there, but you don't "need anti-virus". Just set your profile to hidden instead - it's easier, and less resource intensive, as well as free.

There are BT viruses out there but they can't infect you if you keep your BT profile hidden. In every Bluetooth (BT) phone, you have the option to switch BT on but hide from others, so somebody doing a BT scan will not see your phone. Because your phone doesn't even respond to non-paired devices.

Mobile browsers are not used enough for virus authors to bother. Mobile Safari and eventual clones from others will change that but we are not there yet.

On a general note, Astral, I think you are placing too much faith in AV programs. Keep in mind that a determined attack can infect your system despite any AV you might have installed.

I think there is now one AV program that actually prevents viruses from running - rather than just preventing them from being written to the hard disk which is what all the others are doing. That one could in theory prevent virus attacks reliably. The others are useful for protection from email attachments and infected flash sticks and CD ROMs. Things that you can protect yourself from rather easily by using webmail and turning off auto start for everything. They don't protect you from browser-based attacks. Browser based attacks use a hole in either the browser or a plug-in and run before the hard-disk based AV program can react because nothing has been written to the disk yet- the virus is just running. Then the virus can easily turn off / disable the AV program and write itself to the HD. The ability to create malware like this does not require insider knowledge either - virus creation kits will do it all for you.

[astral]

Well, if I can draw a parallel between the phone and the PC.

I rarely see a virus on my PC, but when I do, Avast chirps up and tells me how to

eradicate the virus before it can do any harm.

Surely the same should be true on a phone?

[nikster]

Well, if I can draw a parallel between the phone and the PC.

I rarely see a virus on my PC, but when I do, Avast chirps up and tells me how to

eradicate the virus before it can do any harm.

Surely the same should be true on a phone?

No.

First off, there are viruses on the PC that Avast doesn't see - you'd never know. Granted, you will have to visit a compromised website to get one of those, they don't come via email - but they are out there.

Second, it really depends on the nature of the virus. Bluetooth viruses that come in and you have to click "accept" to even make them run will be detected by AV software as well. Bluetooth viruses that crash the Bluetooth stack and where you don't need to click anything won't be detected by AV software.

The former, very unsophisticated viruses you can avoid by simply setting your phone to hidden or alternatively declining any request to run any BT app that comes in. The latter, you can probably still avoid by hiding, but the AV program isn't going to help.

The good thing about all this is that existing BT viruses are very primitive and so you can avoid them easily. I don't see where installing an AV program on a phone has any advantage over setting Bluetooth to hidden... in fact, the latter will be safer.